From: Rafal Krypa Date: Mon, 30 Jun 2014 14:51:23 +0000 (+0200) Subject: Unify internal naming convention: permission => privilege X-Git-Tag: accepted/tizen/ivi/20140807.055102~22 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8a7eb95f6c79553d3d1d4e4d9586a6ee0a400288;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git Unify internal naming convention: permission => privilege Words "permission" and "privilege" were used interchangeably throughout the code. It was decided that security-manager will manage "application privileges", as they are called in several Tizen documents. Places calling them "permissions" were edited for unification. Change-Id: I7db701ceb55237457258d63b2b7347aae50852ce Signed-off-by: Rafal Krypa --- diff --git a/src/server/db/app-permissions-db.sql b/src/server/db/app-permissions-db.sql index debeaa2..d7c6186 100644 --- a/src/server/db/app-permissions-db.sql +++ b/src/server/db/app-permissions-db.sql @@ -20,40 +20,40 @@ UNIQUE (name), FOREIGN KEY (pkg_id) REFERENCES pkg (pkg_id) ); -CREATE TABLE IF NOT EXISTS permission ( -permission_id INTEGER PRIMARY KEY, +CREATE TABLE IF NOT EXISTS privilege ( +privilege_id INTEGER PRIMARY KEY, name VARCHAR NOT NULL , UNIQUE (name) ); -CREATE TABLE IF NOT EXISTS app_permission ( +CREATE TABLE IF NOT EXISTS app_privilege ( app_id INTEGER NOT NULL, -permission_id INTEGER NOT NULL , -PRIMARY KEY (app_id, permission_id), +privilege_id INTEGER NOT NULL , +PRIMARY KEY (app_id, privilege_id), FOREIGN KEY (app_id) REFERENCES app (app_id) -FOREIGN KEY (permission_id) REFERENCES permission (permission_id) +FOREIGN KEY (privilege_id) REFERENCES privilege (privilege_id) ); -CREATE TABLE IF NOT EXISTS permission_gid ( -permission_id INTEGER NOT NULL, +CREATE TABLE IF NOT EXISTS privilege_gid ( +privilege_id INTEGER NOT NULL, gid INTEGER NOT NULL, -PRIMARY KEY (permission_id, gid), -FOREIGN KEY (permission_id) REFERENCES permission (permission_id) +PRIMARY KEY (privilege_id, gid), +FOREIGN KEY (privilege_id) REFERENCES privilege (privilege_id) ); -DROP VIEW IF EXISTS app_permission_view; -CREATE VIEW app_permission_view AS +DROP VIEW IF EXISTS app_privilege_view; +CREATE VIEW app_privilege_view AS SELECT - app_permission.app_id as app_id, + app_privilege.app_id as app_id, app.name as app_name, app.pkg_id as pkg_id, pkg.name as pkg_name, - app_permission.permission_id as permission_id, - permission.name as permission_name -FROM app_permission + app_privilege.privilege_id as privilege_id, + privilege.name as privilege_name +FROM app_privilege LEFT JOIN app USING (app_id) LEFT JOIN pkg USING (pkg_id) -LEFT JOIN permission USING (permission_id); +LEFT JOIN privilege USING (privilege_id); DROP VIEW IF EXISTS app_pkg_view; CREATE VIEW app_pkg_view AS @@ -65,22 +65,22 @@ SELECT FROM app LEFT JOIN pkg USING (pkg_id); -DROP TRIGGER IF EXISTS app_permission_view_insert_trigger; -CREATE TRIGGER app_permission_view_insert_trigger -INSTEAD OF INSERT ON app_permission_view +DROP TRIGGER IF EXISTS app_privilege_view_insert_trigger; +CREATE TRIGGER app_privilege_view_insert_trigger +INSTEAD OF INSERT ON app_privilege_view BEGIN INSERT OR IGNORE INTO pkg(name) VALUES (NEW.pkg_name); - INSERT OR IGNORE INTO permission(name) VALUES (NEW.permission_name); + INSERT OR IGNORE INTO privilege(name) VALUES (NEW.privilege_name); INSERT OR IGNORE INTO app(pkg_id, name) VALUES ((SELECT pkg_id FROM pkg WHERE name=NEW.pkg_name), NEW.app_name); - INSERT OR IGNORE INTO app_permission(app_id, permission_id) VALUES - ((SELECT app_id FROM app WHERE name=NEW.app_name), (SELECT permission_id FROM permission WHERE name=NEW.permission_name)); + INSERT OR IGNORE INTO app_privilege(app_id, privilege_id) VALUES + ((SELECT app_id FROM app WHERE name=NEW.app_name), (SELECT privilege_id FROM privilege WHERE name=NEW.privilege_name)); END; -DROP TRIGGER IF EXISTS app_permission_view_delete_trigger; -CREATE TRIGGER app_permission_view_delete_trigger -INSTEAD OF DELETE ON app_permission_view +DROP TRIGGER IF EXISTS app_privilege_view_delete_trigger; +CREATE TRIGGER app_privilege_view_delete_trigger +INSTEAD OF DELETE ON app_privilege_view BEGIN - DELETE FROM app_permission WHERE app_id=OLD.app_id AND permission_id=OLD.permission_id; + DELETE FROM app_privilege WHERE app_id=OLD.app_id AND privilege_id=OLD.privilege_id; END; DROP TRIGGER IF EXISTS app_pkg_view_insert_trigger; diff --git a/src/server/db/include/privilege_db.h b/src/server/db/include/privilege_db.h index 02e3d0b..627c1b6 100644 --- a/src/server/db/include/privilege_db.h +++ b/src/server/db/include/privilege_db.h @@ -40,14 +40,14 @@ namespace SecurityManager { -typedef std::vector TPermissionsList; +typedef std::vector TPrivilegesList; enum class QueryType { - EGetPkgPermissions, + EGetPkgPrivileges, EAddApplication, ERemoveApplication, - EAddAppPermissions, - ERemoveAppPermissions, + EAddAppPrivileges, + ERemoveAppPrivileges, EPkgIdExists, }; @@ -59,11 +59,11 @@ class PrivilegeDb { private: SecurityManager::DB::SqlConnection *mSqlConnection; const std::map Queries = { - { QueryType::EGetPkgPermissions, "SELECT permission_name FROM app_permission_view WHERE pkg_name=?"}, + { QueryType::EGetPkgPrivileges, "SELECT privilege_name FROM app_privilege_view WHERE pkg_name=?"}, { QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name) VALUES (?, ?)" }, { QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND pkg_name=?" }, - { QueryType::EAddAppPermissions, "INSERT INTO app_permission_view (app_name, pkg_name, permission_name) VALUES (?, ?, ?)" }, - { QueryType::ERemoveAppPermissions, "DELETE FROM app_permission_view WHERE app_name=? AND pkg_name=? AND permission_name=?" }, + { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, pkg_name, privilege_name) VALUES (?, ?, ?)" }, + { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND pkg_name=? AND privilege_name=?" }, { QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" } }; @@ -82,11 +82,11 @@ private: * * @param appId - application identifier * @param pkgId - package identifier - * @param[out] currentPermissions - list of current permissions assigned to tuple (appId, pkgId) + * @param[out] currentPrivileges - list of current privileges assigned to tuple (appId, pkgId) * @exception DB::SqlConnection::Exception::InternalError on internal error */ - void GetPkgPermissions(const std::string &pkgId, - TPermissionsList ¤tPermission); + void GetPkgPrivileges(const std::string &pkgId, + TPrivilegesList ¤tPrivileges); public: class Exception @@ -149,19 +149,19 @@ public: bool &pkgIdIsNoMore); /** - * Update permissions belonging to tuple (appId, pkgId) + * Update privileges belonging to tuple (appId, pkgId) * * @param appId - application identifier * @param pkgId - package identifier - * @param permissions - list of permissions to assign - * @param[out] addedPermissions - return list of added permissions - * @param[out] removedPermissions - return list of removed permissions + * @param privileges - list of privileges to assign + * @param[out] addedPrivileges - return list of added privileges + * @param[out] removedPrivileges - return list of removed privileges * @exception DB::SqlConnection::Exception::InternalError on internal error */ - void UpdatePermissions(const std::string &appId, - const std::string &pkgId, const TPermissionsList &permissions, - TPermissionsList &addedPermissions, - TPermissionsList &removedPermissions); + void UpdatePrivileges(const std::string &appId, + const std::string &pkgId, const TPrivilegesList &privileges, + TPrivilegesList &addedPrivileges, + TPrivilegesList &removedPrivileges); }; diff --git a/src/server/db/privilege_db.cpp b/src/server/db/privilege_db.cpp index d843c27..ff86d50 100644 --- a/src/server/db/privilege_db.cpp +++ b/src/server/db/privilege_db.cpp @@ -160,87 +160,87 @@ void PrivilegeDb::RemoveApplication(const std::string &appId, }); } -void PrivilegeDb::GetPkgPermissions(const std::string &pkgId, - TPermissionsList ¤tPermissions) +void PrivilegeDb::GetPkgPrivileges(const std::string &pkgId, + TPrivilegesList ¤tPrivileges) { try_catch([&] { DB::SqlConnection::DataCommandAutoPtr command = mSqlConnection->PrepareDataCommand( - Queries.at(QueryType::EGetPkgPermissions)); + Queries.at(QueryType::EGetPkgPrivileges)); command->BindString(1, pkgId.c_str()); while (command->Step()) { - std::string permission = command->GetColumnString(0); - LogPedantic ("Got permission: "<< permission); - currentPermissions.push_back(permission); + std::string privilege = command->GetColumnString(0); + LogPedantic ("Got privilege: "<< privilege); + currentPrivileges.push_back(privilege); }; }); } -void PrivilegeDb::UpdatePermissions(const std::string &appId, - const std::string &pkgId, const TPermissionsList &permissions, - TPermissionsList &addedPermissions, - TPermissionsList &removedPermissions) +void PrivilegeDb::UpdatePrivileges(const std::string &appId, + const std::string &pkgId, const TPrivilegesList &privileges, + TPrivilegesList &addedPrivileges, + TPrivilegesList &removedPrivileges) { try_catch([&] { DB::SqlConnection::DataCommandAutoPtr command; - TPermissionsList curPermissions = TPermissionsList(); - GetPkgPermissions(pkgId, curPermissions); + TPrivilegesList curPrivileges = TPrivilegesList(); + GetPkgPrivileges(pkgId, curPrivileges); //Data compilation - std::set permissionsSet = std::set< - std::string>(permissions.begin(), permissions.end()); - std::set curPermissionsSet = std::set< - std::string>(curPermissions.begin(), curPermissions.end()); - - std::list < std::string > tmpPermissions = std::list < std::string - > (permissions.begin(), permissions.end()); - tmpPermissions.merge (std::list < std::string - >(curPermissions.begin(), curPermissions.end())); - tmpPermissions.unique (); - - for (auto permission : tmpPermissions) { - if ((SET_CONTAINS(permissionsSet, permission)) && !(SET_CONTAINS(curPermissionsSet, permission))) { - addedPermissions.push_back(permission); + std::set privilegesSet = std::set< + std::string>(privileges.begin(), privileges.end()); + std::set curPrivilegesSet = std::set< + std::string>(curPrivileges.begin(), curPrivileges.end()); + + std::list < std::string > tmpPrivileges = std::list < std::string + > (privileges.begin(), privileges.end()); + tmpPrivileges.merge (std::list < std::string + >(curPrivileges.begin(), curPrivileges.end())); + tmpPrivileges.unique (); + + for (auto privilege : tmpPrivileges) { + if ((SET_CONTAINS(privilegesSet, privilege)) && !(SET_CONTAINS(curPrivilegesSet, privilege))) { + addedPrivileges.push_back(privilege); } - if (!(SET_CONTAINS(permissionsSet, permission)) && (SET_CONTAINS(curPermissionsSet, permission))) { - removedPermissions.push_back(permission); + if (!(SET_CONTAINS(privilegesSet, privilege)) && (SET_CONTAINS(curPrivilegesSet, privilege))) { + removedPrivileges.push_back(privilege); } } - //adding missing permissions - for (auto addedPermission : addedPermissions) { + //adding missing privileges + for (auto addedPrivilege : addedPrivileges) { command = mSqlConnection->PrepareDataCommand( - Queries.at(QueryType::EAddAppPermissions)); + Queries.at(QueryType::EAddAppPrivileges)); command->BindString(1, appId.c_str()); command->BindString(2, pkgId.c_str()); - command->BindString(3, addedPermission.c_str()); + command->BindString(3, addedPrivilege.c_str()); if (command->Step()) LogPedantic("Unexpected SQLITE_ROW answer to query: " << - Queries.at(QueryType::EAddAppPermissions)); + Queries.at(QueryType::EAddAppPrivileges)); command->Reset(); LogPedantic( - "Added appId: " << appId << ", pkgId: " << pkgId << ", permission: " << addedPermission); + "Added appId: " << appId << ", pkgId: " << pkgId << ", privilege: " << addedPrivilege); } - //removing unwanted permissions - for (auto removedPermission : removedPermissions) { + //removing unwanted privileges + for (auto removedPrivilege : removedPrivileges) { command = mSqlConnection->PrepareDataCommand( - Queries.at(QueryType::ERemoveAppPermissions)); + Queries.at(QueryType::ERemoveAppPrivileges)); command->BindString(1, appId.c_str()); command->BindString(2, pkgId.c_str()); - command->BindString(3, removedPermission.c_str()); + command->BindString(3, removedPrivilege.c_str()); if (command->Step()) LogPedantic("Unexpected SQLITE_ROW answer to query: " << - Queries.at(QueryType::EAddAppPermissions)); + Queries.at(QueryType::EAddAppPrivileges)); LogPedantic( - "Removed appId: " << appId << ", pkgId: " << pkgId << ", permission: " << removedPermission); + "Removed appId: " << appId << ", pkgId: " << pkgId << ", privilege: " << removedPrivilege); } }); }